Commit 2c4e9f2e authored by Raphaël Hertzog

Patch responder to use TLS instead of SSLv3 which is no longer available. FS #3048.

parent 7c73aeed
responder (2.3.0-0kali3) kali-dev; urgency=medium
* Patch responder to use TLS instead of SSLv3 which is no longer available.
FS #3048.
-- Raphaël Hertzog <hertzog@debian.org> Mon, 08 Feb 2016 12:09:42 +0100
responder (2.3.0-0kali2) kali-dev; urgency=medium
* Drop dependency on python-support (obsolete package)
......
From: =?utf-8?q?Rapha=C3=ABl_Hertzog?= <hertzog@debian.org>
Date: Mon, 8 Feb 2016 12:04:55 +0100
Subject: Use SSLv23_METHOD as this allows any supported protocol
Cf https://openssl.org/docs/manmaster/ssl/SSL_CTX_new.html
Bug: https://github.com/SpiderLabs/Responder/issues/65
Bug-Kali: https://bugs.kali.org/view.php?id=3048
---
servers/HTTP.py | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/servers/HTTP.py b/servers/HTTP.py
index 0f0e6e6..fbc4ba5 100644
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@@ -32,11 +32,11 @@ def ParseHTTPHash(data, client):
LMhashLen = struct.unpack('<H',data[12:14])[0]
LMhashOffset = struct.unpack('<H',data[16:18])[0]
LMHash = data[LMhashOffset:LMhashOffset+LMhashLen].encode("hex").upper()
-
+
NthashLen = struct.unpack('<H',data[20:22])[0]
NthashOffset = struct.unpack('<H',data[24:26])[0]
NTHash = data[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()
-
+
UserLen = struct.unpack('<H',data[36:38])[0]
UserOffset = struct.unpack('<H',data[40:42])[0]
User = data[UserOffset:UserOffset+UserLen].replace('\x00','')
@@ -48,12 +48,12 @@ def ParseHTTPHash(data, client):
WriteHash = '%s::%s:%s:%s:%s' % (User, HostName, LMHash, NTHash, settings.Config.NumChal)
SaveToDb({
- 'module': 'HTTP',
- 'type': 'NTLMv1',
- 'client': client,
- 'host': HostName,
- 'user': User,
- 'hash': LMHash+":"+NTHash,
+ 'module': 'HTTP',
+ 'type': 'NTLMv1',
+ 'client': client,
+ 'host': HostName,
+ 'user': User,
+ 'hash': LMHash+":"+NTHash,
'fullhash': WriteHash,
})
@@ -68,12 +68,12 @@ def ParseHTTPHash(data, client):
WriteHash = '%s::%s:%s:%s:%s' % (User, Domain, settings.Config.NumChal, NTHash[:32], NTHash[32:])
SaveToDb({
- 'module': 'HTTP',
- 'type': 'NTLMv2',
- 'client': client,
- 'host': HostName,
- 'user': Domain+'\\'+User,
- 'hash': NTHash[:32]+":"+NTHash[32:],
+ 'module': 'HTTP',
+ 'type': 'NTLMv2',
+ 'client': client,
+ 'host': HostName,
+ 'user': Domain+'\\'+User,
+ 'hash': NTHash[:32]+":"+NTHash[32:],
'fullhash': WriteHash,
})
@@ -115,7 +115,7 @@ def ServeFile(Filename):
return data
def RespondWithFile(client, filename, dlname=None):
-
+
if filename.endswith('.exe'):
Buffer = ServeExeFile(Payload = ServeFile(filename), ContentDiFile=dlname)
else:
@@ -153,7 +153,7 @@ def PacketSequence(data, client):
return RespondWithFile(client, settings.Config.Html_Filename)
WPAD_Custom = WpadCustom(data, client)
-
+
if NTLM_Auth:
Packet_NTLM = b64decode(''.join(NTLM_Auth))[8:9]
@@ -191,11 +191,11 @@ def PacketSequence(data, client):
GrabCookie(data, client)
SaveToDb({
- 'module': 'HTTP',
- 'type': 'Basic',
- 'client': client,
- 'user': ClearText_Auth.split(':')[0],
- 'cleartext': ClearText_Auth.split(':')[1],
+ 'module': 'HTTP',
+ 'type': 'Basic',
+ 'client': client,
+ 'user': ClearText_Auth.split(':')[0],
+ 'cleartext': ClearText_Auth.split(':')[1],
})
if settings.Config.Force_WPAD_Auth and WPAD_Custom:
@@ -255,7 +255,7 @@ class HTTPS(StreamRequestHandler):
data = self.exchange.recv(8092)
self.exchange.settimeout(0.5)
Buffer = WpadCustom(data,self.client_address[0])
-
+
if Buffer and settings.Config.Force_WPAD_Auth == False:
self.exchange.send(Buffer)
if settings.Config.Verbose:
@@ -273,7 +273,7 @@ class SSLSock(ThreadingMixIn, TCPServer):
from OpenSSL import SSL
BaseServer.__init__(self, server_address, RequestHandlerClass)
- ctx = SSL.Context(SSL.SSLv3_METHOD)
+ ctx = SSL.Context(SSL.SSLv23_METHOD)
cert = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLCert)
key = os.path.join(settings.Config.ResponderPATH, settings.Config.SSLKey)
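Review bot: `SSL.Context(SSL.SSLv23_METHOD)` in `SSLSock.__init__` sets no protocol floor, so the listener negotiates whatever the linked OpenSSL build still offers, which on older builds can include SSLv2 or SSLv3. That does not match the changelog wording "use TLS instead of SSLv3". If TLS-only is the intent, add `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` directly after the context is created. If broad client compatibility is the intent, record it with a comment such as `# SSLv23_METHOD negotiates the highest mutually supported version; the floor depends on the OpenSSL build`. The rest of `__init__` lies outside the hunk, so options may already be set further down.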
Index: responder/Responder.py
===================================================================
--- responder.orig/Responder.py 2014-10-12 14:14:18.062848568 -0400
+++ responder/Responder.py 2014-10-12 14:15:14.804605322 -0400
@@ -16,7 +16,9 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import sys,struct,SocketServer,re,optparse,socket,thread,Fingerprint,random,os,ConfigParser,BaseHTTPServer, select,urlparse,zlib, string, time
+import sys
+sys.path.append("/usr/share/responder/")
+import struct,SocketServer,re,optparse,socket,thread,Fingerprint,random,os,ConfigParser,BaseHTTPServer, select,urlparse,zlib, string, time
from SocketServer import TCPServer, UDPServer, ThreadingMixIn, StreamRequestHandler, BaseRequestHandler,BaseServer
from Fingerprint import RunSmbFinger,OsNameClientVersion
from odict import OrderedDict
@@ -55,7 +57,7 @@
parser.print_help()
exit(-1)
-ResponderPATH = os.path.dirname(__file__)
+ResponderPATH = '/usr/share/responder/' #os.path.dirname(__file__)
#Config parsing
config = ConfigParser.ConfigParser()
Use-SSLv23_METHOD-as-this-allows-any-supported-protocol.patch